[gnutls-devel] [PATCH] asn1random.pl: generate simple tags only

Matvejchikov Ilya matvejchikov at gmail.com
Wed Mar 4 09:44:34 CET 2015


2015-03-04 11:33 GMT+03:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>:
> On Wed, Mar 4, 2015 at 9:24 AM, Matvejchikov Ilya
> <matvejchikov at gmail.com> wrote:
>> 2015-03-04 10:51 GMT+03:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>:
>>> On Wed, Mar 4, 2015 at 1:35 AM, Matvejchikov Ilya
>>> <matvejchikov at gmail.com> wrote:
>>>> Please, review the patch
>>> Thanks Ilya. It looks reasonable, but could you elaborate why this is
>>> needed? Wouldn't it make sense to have these tags as well?
>> This patch fixes the problem. But it would be nice to have theese tags
>> correctly encoded too.
>
> I think the idea of these scripts is to test incorrectly encoded tags
> as well, so if you strive to correctly encode them, you may defeat its
> purpose. It would make sense however, to have them generate reasonable
> structures that don't get rejected immediately. However, I'm not sure
> I understood which problem you notice there, and what you're try to
> solve.
>

Not sure as x509random.pl has the explicit option that allows to
inject encoding errors. But asn1random.pl doesn't. So, in my opinion
asn1random.pl intended to generate valid ASN/DER blobs with correct
structure. But tags >= 31 encoded incorrectly (according to X.690-0207
-- 8.1.2.4) and parsers (dumpasn1, openssl/asn1parse) fails with
theese samples.

>> Do you know who is the maintainer of asn1random.pl / x509random.pl scripts?
>
> They were originally written to test an ASN.1 parser in the  Linux
> kernel. Not sure if there are still used for that. You may contact the
> author if you like.
>

Added in the CC.

> regards,
> Nikos



More information about the Gnutls-devel mailing list